sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Skip protocol checking in esc_url() when we are dealing with a relative URL. Prevents munging of colons in paths and query strings, when present in a protocol-relative URL.

Browse Source 
props SergeyBiryukov.
fixes #21974.



git-svn-id: https://develop.svn.wordpress.org/trunk@24642 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2013-07-10 13:45:22 +00:00
parent d4b1d1bb2a
commit 49596ff2c1
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/formatting.php
View File

@ -2645,11 +2645,15 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
$url = str_replace( "'", ''', $url ); $url = str_replace( "'", ''', $url );
} }
if ( '/' === $url[0] ) {
$good_protocol_url = $url;
} else {
if ( ! is_array( $protocols ) ) if ( ! is_array( $protocols ) )
$protocols = wp_allowed_protocols(); $protocols = wp_allowed_protocols();
$good_protocol_url = wp_kses_bad_protocol( $url, $protocols ); $good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
if ( strtolower( $good_protocol_url ) != strtolower( $url ) ) if ( strtolower( $good_protocol_url ) != strtolower( $url ) )
return ''; return '';
}
return apply_filters('clean_url', $good_protocol_url, $original_url, $_context); return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
} }